CVE-2024-14021
HIGH WAF: Medium
CVSS 7.8
Published: 2026-01-12
CWE-502
LlamaIndex (run-llama/llama_index) versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.load_from_disk() in llama_index/indices/managed/bge_m3/base.py. The function uses pickle.load() to deserialize multi_embed_store.pkl from a user-supplied persist_dir without validation. An attacker who can provide a crafted persist directory containing a malicious pickle file can trigger arbitrary code execution when the victim loads the index from disk.
WAF Coverage Analysis
Insecure Deserialization
Medium WAF Coverage
OWASP: A08:2021 Software and Data Integrity Failures
944xxx - Java Attack
Affected Software
| Vendor | Product | Version |
|---|---|---|
| llamaindex | llamaindex | up to 0.11.6 |
References
- github.com (Product)
- huntr.com (Exploit, Third Party Advisory)
- www.llamaindex.ai (Product)
- www.vulncheck.com (Third Party Advisory)